The European Union’s (EU) new data privacy law isn’t being followed by some of the globe’s biggest technology companies, according to research from the EU Institute.
According to a report in Bloomberg, researchers found, of the 14 major technology companies’ privacy policies that used artificial intelligence software, a third of the privacy clauses were either “potentially problematic” or contained “insufficient information.” What’s more, an additional 11 percent of the policy’s sentences used language that was unclear.
The researchers didn’t name the companies that could be running afoul of the new General Data Protection Regulation (GDPR), which is a law that went into effect on May 25 and requires companies to get consent from customers to store and use their data. Companies that don’t follow the new rule could face fines, which Bloomberg said could be as high as 4 percent of their global sales. Bloomberg reported that the AI software, which the researchers are calling Claudette, found policies that didn’t name third parties that the data may be shared with, policies that stated that users give their consent to share data simply by using the website, and others with language that the researchers said was confusing or not clear.
“AI can be used to keep companies in check and ensure people’s rights are respected,” said Monique Goyens, director general of BEUC, the Brussels-based European consumer organization, in the report. She said the findings by the researchers were “very concerning” and that “many privacy policies may not meet the standard of the law.”
In a statement to Bloomberg, Alphabet‘s Google said its privacy policies have been updated and are now in clear language while an Amazon spokesperson told Bloomberg that its policies are compliant with GDPR. Meanwhile, Facebook said it “worked hard” to meet the rules. The study took place in June a month after the rule went into effect, noted Bloomberg.